| Author |
Preventing users from seeing old data using their browser back button
|
Rob Micah
Ranch Hand
Joined: Aug 30, 2011
Posts: 89
|
|
I have a question about the way requests work upon using the back button in a browser. I have 3 servlets. The first has a form that upon submission queries a database and forwards the request on to the second. The second servlet displays information from the results of the database search and displays a form to go to servlet #3. The third servlet displays a link for payment on an external website. What I am attempting to do is prevent the user from using their back button to view out-of-date results from the database in servlets #2 and #3. Servlets #1 and #2 use GET method while #3 uses POST. So the logic is like this:
Servlet #1: User submits search form. Store results in HttpSession.Servlet #2: Check for valid HttpSession. Display search resultsServlet #3: Check for valid HttpSession. Display link for payment on third party site
In servlets #2 and #3 if a valid HttpSession isn't detected up front I am redirecting to the home page. To check for out-of-date information I have added a check in servlet #3 in its request-handler to check the database to make sure the results stored in the session still match what's on the database. If not, invalidate the session and redirect to the homepage. Now if I alter the database, either manually or by making a payment, and use my back button of my browser to back up to servlet #2 it appears that a new request is submitted because I see updated results.
So my question is this: Is my original request from servlet #1 being re-sent when I use my back button to back up to servlet #2?
|
 |
Cole Terry
Ranch Hand
Joined: Nov 23, 2011
Posts: 45
|
|
Rob Micah wrote:
So my question is this: Is my original request from servlet #1 being re-sent when I use my back button to back up to servlet #2?
Probably no, because the browser may cache the previous page and it does not re-contact the server when using Back button. Unless you put "no-cache" in the response headers from the Servlet.
|
|
Kumaravadivel Subramani
Ranch Hand
Joined: Jul 05, 2008
Posts: 162
|
|
|
Yes web browser caches the POST form request details and when to hit F5/Backspace or click on web browser's back button it actually re-sends it. To avoid this there could be more ways but my suggestion is to make a dummy request after POST request (Have stored all data of POST request in httpsession) which actually would go to browser and comes to the servlet. This is to overwrite the web browser cache and valuable requests such as payment request can be stripped out of re-sending. I've implement the solution in my web site long back and working fine. Ensure this method won't be a problem of your performance.
|
No pain, No gain.
OCJP 1.6
|
|
Rob Micah
Ranch Hand
Joined: Aug 30, 2011
Posts: 89
|
|
|
Even though I didn't set no-cache in the header of servlet #2 it appears that it was sometimes re-sending the GET request. So what I wound up doing was changing that request method from servlet #1 to POST as well. The reason is because most browsers, if not all, will warn the user they are navigating back to a page that received a POST request and the browser will send a new request to the server.
|
|
Kumar Raja
Ranch Hand
Joined: Mar 18, 2010
Posts: 457
|
|
Check PRG
|
Regards
KumarRaja
|
|
Michael Kato
Greenhorn
Joined: Aug 06, 2010
Posts: 12
|
|
Kumar Raja wrote:
Check PRG
Post-Redirect-Get doesn't solve this at all. Even the example demo at your link allows you to hit back and see the entered data.
|
|
Amit Ghorpade
Bartender
Joined: Jun 06, 2007
Posts: 2551
|
|
There are two ways to get about this
1) Don't allow the browser to cache the page.
2) Use javascript to work with history.
|
SCJP, SCWCD.
|Asking Good Questions|
|
|
 |
|
|
subject: Preventing users from seeing old data using their browser back button
|
|
|
0
